package com.xshiwu.springsecurty.controller;

import com.xshiwu.springsecurty.pojo.Users;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

@RestController
@RequestMapping("/test")
public class HelloController {

    @GetMapping("hello")
    public String hello() {
        return "hello";
    }

    @GetMapping("index")
    public String index() {
        return "index";
    }

    // 表示该登录用户具有@Secured注解里面的角色属性才可以登录成功
    @GetMapping("updateSec")
    @Secured({"ROLE_zs","ROLE_ls"})
    public String helloUpdateSecured() {
        return "hello Update Secured";
    }

    // 表示该登录用户具有@PreAuthorize注解里面的角色属性才可以登录成功
    @GetMapping("updatePre")
    @PreAuthorize("hasAnyAuthority('admins')")
    public String helloUpdatePreAuthorize() {
        return "hello Update PreAuthorize";
    }

    @GetMapping("getAll")
    @PostAuthorize("hasAnyAuthority('admins')")
    @PostFilter("filterObject.username == 'admin1'")
    public List<Users> list(){
        List<Users> list = new ArrayList<>();
        list.add(new Users(4l,"admin1","123456"));
        list.add(new Users(5l,"admin2","123456"));

        return list;
    }

    @GetMapping("logout")
    @PreAuthorize("hasAnyAuthority('admins')")
    public String logout(){
        return "退出成功";
    }

}
